Exemple #1
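 /**
  * Login button handler: authenticates the submitted credentials, maintains
  * the "remember me" username cookie, logs the user in and redirects.
  *
  * The post-login target is taken from the `r` query parameter. That value is
  * supplied by the client, so it is honoured only when it is a same-site
  * reference; any other value falls back to /main/.
  *
  * @param $strFormId     not used by this handler
  * @param $strControlId  not used by this handler
  * @param $strParameter  not used by this handler
  * @return void
  */
 protected function btnLogin_Click($strFormId, $strControlId, $strParameter)
 {
     $objLogin = Login::LoadByUsernamePassword(trim(strtolower($this->txtUsername->Text)), $this->txtPassword->Text);
     if (!$objLogin || !$objLogin->IsAllowedToUseChms()) {
         // One message for every failure cause, so the response does not
         // reveal whether the account exists or is merely not permitted.
         $this->lblMessage->Text = 'Invalid email, username or password.';
         $this->txtUsername->Blink();
         $this->txtPassword->Blink();
         $this->txtUsername->Focus();
         return;
     }

     // NOTE(review): the cookie is set without the Secure/HttpOnly arguments.
     // Confirm whether client-side script reads it before tightening this.
     if ($this->chkRemember->Checked) {
         // Remember the username for 14 days.
         setcookie('username', $objLogin->Username, time() + 60 * 60 * 24 * 14, '/', null);
     } else {
         // An expiry in the past asks the browser to drop the cookie.
         setcookie('username', null, 1, '/', null);
     }

     QApplication::Login($objLogin);

     // Redirecting to an unchecked request parameter is an open redirect.
     // Accept only values that stay on this site: no URL scheme, no leading
     // "//", no backslashes, no control characters, no leading whitespace.
     $strTarget = '/main/';
     if (array_key_exists('r', $_GET) && is_string($_GET['r'])
         && preg_match('#\A(?!//)(?![A-Za-z][A-Za-z0-9+.\-]*:)[^\s\\\\\x00-\x1f\x7f][^\\\\\x00-\x1f\x7f]*\z#', $_GET['r'])) {
         $strTarget = $_GET['r'];
     }
     QApplication::Redirect($strTarget);
 }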
Exemple #2
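 /**
  * Login button handler with a source-address gate in front of the
  * credential check.
  *
  * Requests that do not come from 127.0.0.1 or a 192.168.* address must
  * appear in an allowlist fetched from an internal service. If the list
  * cannot be fetched or decoded, the request is refused (fail closed).
  *
  * @param $strFormId     not used by this handler
  * @param $strControlId  not used by this handler
  * @param $strParameter  not used by this handler
  * @return int|null 0 when the source address is refused, otherwise nothing
  */
 protected function btnLogin_Click($strFormId, $strControlId, $strParameter)
 {
     $strRemoteAddr = $_SERVER['REMOTE_ADDR'];
     if ($strRemoteAddr !== "127.0.0.1" && substr($strRemoteAddr, 0, 8) !== "192.168.") {
         // NOTE(review): the allowlist is fetched over plain HTTP on every
         // external login attempt; confirm this link is trusted and available.
         $strAllowlistJson = file_get_contents("http://192.168.1.168:8888/eBayBO/service.php?action=getClientIp");
         $ip_array = ($strAllowlistJson === false) ? null : json_decode($strAllowlistJson);
         // A failed fetch or malformed reply leaves a non-array here, and that
         // must deny access. The strict flag stops a non-string entry in the
         // list (for example `true`) from matching every address.
         if (!is_array($ip_array) || !in_array($strRemoteAddr, $ip_array, true)) {
             $this->txtUsername->Warning = QApplication::Translate('Invalid username or password.');
             return 0;
         }
     }

     $strUsername = $this->txtUsername->Text;
     $strPassword = $this->txtPassword->Text;
     $objUserAccount = UserAccount::LoadByUsername($strUsername);
     $errorMessage = QApplication::Translate('Invalid username or password.');

     // NOTE(review): the warning appears on the username field for an
     // unknown or inactive account but on the password field for a wrong
     // password, so the UI reveals whether an account exists.
     if (!$objUserAccount) {
         $this->txtUsername->Warning = $errorMessage;
         return;
     }
     if (!$objUserAccount->ActiveFlag) {
         $this->txtUsername->Warning = $errorMessage;
         return;
     }

     // NOTE(review): the stored hash is unsalted SHA-1, which is not a
     // password-hashing scheme. Moving to password_hash()/password_verify()
     // needs a migration of stored hashes and is outside this handler.
     // hash_equals() replaces the loose `!=`: loose comparison treats two
     // different "0e<digits>" hex strings as equal numbers, and hash_equals()
     // compares in constant time as well.
     if (!hash_equals((string) $objUserAccount->PasswordHash, sha1($strPassword))) {
         $this->txtPassword->Warning = $errorMessage;
         return;
     }

     QApplication::Login($objUserAccount);

     // Module id 2 selects the inventory landing page in this handler; users
     // without that access (or without a role/module row) go to the home module.
     $objRoleModule = RoleModule::LoadByRoleIdModuleId($objUserAccount->RoleId, 2);
     if ($objRoleModule && $objRoleModule->AccessFlag) {
         QApplication::Redirect('./inventory/');
     } else {
         QApplication::Redirect('./home/');
     }
 }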
Exemple #3
 // ------------------------------------------------------------
 // Session bootstrap: start (or resume) the PHP session.
 // ------------------------------------------------------------
 session_start();
 // ------------------------------------------------------------
 // Restore the logged-in person from the session, if one is recorded.
 // ------------------------------------------------------------
 if (array_key_exists('intPersonId', $_SESSION)) {
     $objPerson = Person::Load($_SESSION['intPersonId']);
     if ($objPerson) {
         // Every person that can be loaded is exposed for display purposes.
         QApplication::$LoginForDisplay = $objPerson;
         // Only these three person types are also set as QApplication::$Login.
         // The in_array() call is intentionally non-strict so that it compares
         // loosely, as a switch statement does.
         if (in_array($objPerson->PersonTypeId, array(PersonType::Administrator, PersonType::Contributor, PersonType::Moderator))) {
             QApplication::$Login = $objPerson;
         }
     }
 }
 //////////////////////////////////////////////
 // Setup Internationalization and Localization (if applicable)
 // Note, this is where you would implement code to do Language Setting discovery, as well, for example:
 // * Checking against $_GET['language_code']
 // * checking against session (example provided below)
 // * Checking the URL
 // * etc.
 // TODO: options to do this are left to the developer
 //////////////////////////////////////////////
 if (isset($_SESSION)) {
     if (array_key_exists('country_code', $_SESSION)) {
         QApplication::$CountryCode = $_SESSION['country_code'];
Exemple #4
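 /**
  * Login button handler: verifies the credentials, logs the account in and
  * redirects either to the requested page or to the first module the
  * account's role may access.
  *
  * The requested page comes from the `strReferer` query parameter. It is
  * supplied by the client, so it is used only when it is a same-site
  * reference; otherwise the module-based default applies.
  *
  * @param $strFormId     not used by this handler
  * @param $strControlId  not used by this handler
  * @param $strParameter  not used by this handler
  * @return void
  */
 protected function btnLogin_Click($strFormId, $strControlId, $strParameter)
 {
     $strUsername = $this->txtUsername->Text;
     $strPassword = $this->txtPassword->Text;
     $objUserAccount = UserAccount::LoadByUsername($strUsername);
     $errorMessage = 'Invalid username or password.';

     // Unknown account, inactive account and wrong password all produce the
     // same warning on the same control, so the form does not disclose which
     // check failed. Short-circuit evaluation keeps the original check order.
     // NOTE(review): the password is passed through sha1() before the
     // CheckPassword() helper; what that helper does is not visible here.
     if (!$objUserAccount
         || !$objUserAccount->ActiveFlag
         || !QApplication::CheckPassword(sha1($strPassword), $objUserAccount->PasswordHash)) {
         $this->txtPassword->Warning = $errorMessage;
         return;
     }

     QApplication::Login($objUserAccount);

     $strRedirect = '';
     // Redirecting to an unchecked request parameter is an open redirect.
     // Accept only values that stay on this site: no URL scheme, no leading
     // "//", no backslashes, no control characters, no leading whitespace.
     if (array_key_exists('strReferer', $_GET) && is_string($_GET['strReferer'])
         && preg_match('#\A(?!//)(?![A-Za-z][A-Za-z0-9+.\-]*:)[^\s\\\\\x00-\x1f\x7f][^\\\\\x00-\x1f\x7f]*\z#', $_GET['strReferer'])) {
         $strRedirect = $_GET['strReferer'];
     } else {
         // Landing pages in priority order, keyed by the module id passed to
         // RoleModule::LoadByRoleIdModuleId(). Lookups stop at the first module
         // the role may access.
         $strPathByModuleId = array(
             2 => '/assets/',
             3 => '/inventory/',
             4 => '/contacts/',
             5 => '/shipping/',
             6 => '/receiving/',
             7 => '/reports/',
         );
         foreach ($strPathByModuleId as $intModuleId => $strPath) {
             $objRoleModule = RoleModule::LoadByRoleIdModuleId($objUserAccount->RoleId, $intModuleId);
             // A missing role/module row is treated as "no access".
             if ($objRoleModule && $objRoleModule->AccessFlag) {
                 $strRedirect = __SUBDIRECTORY__ . $strPath;
                 break;
             }
         }
     }

     // NOTE(review): when the role has access to none of the modules,
     // $strRedirect is still '' here, as in the original; confirm what
     // Redirect('') does.
     QApplication::Redirect($strRedirect);
 }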
Exemple #5
<?php

require dirname(__FILE__) . '/../../includes/prepend.inc.php';
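// Single-sign-on entry point. The first path-info segment carries an
// encrypted "<username>_<unix time>" token. A valid, fresh token logs the
// named user in. Every failure logs out and redirects to '/'.
//
// NOTE(review): the token is accepted for a +/- 5 second window and is not
// single-use, so it can be replayed inside that window. It also travels in
// the URL path, where access logs may record it. Whether QCryptography
// authenticates the ciphertext is not visible here; confirm that a modified
// token cannot decrypt to a different username.
$strPayload = QApplication::PathInfo(0);
$strUsername = null;
try {
    $strKey = file_get_contents(__INCLUDES__ . '/../sso_key.txt');
    // An unreadable key file or a missing token is a failure. It must never
    // lead to decrypting with an empty key.
    if ($strKey !== false && is_string($strPayload) && $strPayload !== '') {
        QCryptography::$Key = $strKey;
        $objCrypto = new QCryptography();
        $strPayload = $objCrypto->Decrypt($strPayload);
        $strTokens = is_string($strPayload) ? explode("_", $strPayload) : array();
        // The timestamp must consist of digits only before it is compared as
        // a number, so the freshness check does not depend on PHP's
        // string-to-number comparison rules.
        if (count($strTokens) == 2 && $strTokens[0] !== '' && preg_match('/\A[0-9]{1,12}\z/', $strTokens[1])) {
            $intTime = (int) $strTokens[1];
            $intNow = time();
            if ($intTime >= $intNow - 5 && $intTime <= $intNow + 5) {
                $strUsername = $strTokens[0];
            }
        }
    }
} catch (Exception $objExc) {
    // A decryption failure is treated the same as an invalid token.
    $strUsername = null;
}

// The account lookup stays outside the try block so that a database error
// still surfaces instead of being reported as a bad token.
$objLogin = ($strUsername !== null) ? Login::LoadByUsername($strUsername) : null;
if (!$objLogin) {
    QApplication::Logout();
    QApplication::Redirect('/');
    // The original relied on Redirect() ending the request. The explicit
    // exit guarantees a rejected token can never fall through to Login().
    exit;
}
QApplication::Login($objLogin);
QApplication::Redirect('/');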
Exemple #6
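 /**
  * Login button handler: verifies the credentials with a PasswordHash
  * instance, logs the account in and redirects either to the requested page
  * or to the first module the account's role may access.
  *
  * The requested page comes from the `strReferer` query parameter. It is
  * supplied by the client, so it is used only when it is a same-site
  * reference; otherwise the module-based default applies.
  *
  * @param $strFormId     not used by this handler
  * @param $strControlId  not used by this handler
  * @param $strParameter  not used by this handler
  * @return void
  */
 protected function btnLogin_Click($strFormId, $strControlId, $strParameter)
 {
     $strUsername = $this->txtUsername->Text;
     $strPassword = $this->txtPassword->Text;
     $objUserAccount = UserAccount::LoadByUsername($strUsername);
     $errorMessage = 'Invalid username or password.';
     // NOTE(review): presumably the phpass PasswordHash class; the stored
     // value is a hash of sha1(password) - confirm against the code that
     // creates accounts.
     $objHasher = new PasswordHash(8, PORTABLE_PASSWORDS);

     // Unknown account, inactive account and wrong password all produce the
     // same warning on the same control, so the form does not disclose which
     // check failed. Short-circuit evaluation keeps the original check order.
     if (!$objUserAccount
         || !$objUserAccount->ActiveFlag
         || !$objHasher->CheckPassword(sha1($strPassword), $objUserAccount->PasswordHash)) {
         $this->txtPassword->Warning = $errorMessage;
         return;
     }

     QApplication::Login($objUserAccount);

     // Redirecting to an unchecked request parameter is an open redirect.
     // Accept only values that stay on this site: no URL scheme, no leading
     // "//", no backslashes, no control characters, no leading whitespace.
     if (array_key_exists('strReferer', $_GET) && is_string($_GET['strReferer'])
         && preg_match('#\A(?!//)(?![A-Za-z][A-Za-z0-9+.\-]*:)[^\s\\\\\x00-\x1f\x7f][^\\\\\x00-\x1f\x7f]*\z#', $_GET['strReferer'])) {
         QApplication::Redirect($_GET['strReferer']);
         return;
     }

     // Landing pages in priority order, keyed by the module id passed to
     // RoleModule::LoadByRoleIdModuleId(). Lookups stop at the first module
     // the role may access.
     $strPathByModuleId = array(
         2 => './assets/',
         3 => './inventory/',
         4 => './contacts/',
         5 => './shipping/',
         6 => './receiving/',
         7 => './reports/',
     );
     foreach ($strPathByModuleId as $intModuleId => $strPath) {
         $objRoleModule = RoleModule::LoadByRoleIdModuleId($objUserAccount->RoleId, $intModuleId);
         // A missing role/module row is treated as "no access".
         if ($objRoleModule && $objRoleModule->AccessFlag) {
             QApplication::Redirect($strPath);
             return;
         }
     }
     // As in the original, a role with access to no module is logged in but
     // not redirected anywhere.
 }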